Common Security API

The Liberty-based security APIs are included in the com.sun.identity.liberty.ws.security package and the com.sun.identity.liberty.ws.common.wsse package.

com.sun.identity.liberty.ws.security Package

The com.sun.identity.liberty.ws.security package includes the SecurityTokenProvider interface for managing Web Service Security (WSS) type tokens and the SecurityAttributePlugin interface for inserting security attributes (using an AttributeStatement) into the assertion during the Discovery Service token generation. The following table describes the classes used to manage Liberty-based security mechanisms.

Table 9–2 com.sun.identity.liberty.ws.security Classes

| Class | Description |
|---|---|
| ProxySubject | Represents the identity of a proxy, the confirmation key, and confirmation obligation the proxy must possess and demonstrate for authentication purposes. |
| ResourceAccessStatement | Conveys information regarding the accessing entities and the resource for which access is being attempted. |
| SecurityAssertion | Provides an extension to the Assertion class to support ID-WSF ResourceAccessStatement and SessionContextStatement. |
| SecurityTokenManager | An entry class for the security package com.sun.identity.liberty.ws.security. You can call its methods to generate X.509 and SAML tokens for message authentication or authorization. It is designed as a provider model, so different implementations can be plugged in if the default implementation does not meet your requirements. |
| SessionContext | Represents the session status of an entity to another system entity. |
| SessionContextStatement | Conveys the session status of an entity to another system entity within the body of an <saml:assertion> element. |